Free tools and resources for Data Protection Officers!

Tag Archives for " data breach "

ICO publishes report on use of data analytics in political campaigns

UK’s data protection authority ICO has published a report to Parliament that brings the various strands of its investigation up to date. ICO found a disturbing disregard for voters’ personal privacy by players across the political campaigning eco-system — from data companies and data brokers to social media platforms, campaign groups and political parties.

UK Information Commissioner is calling for views for a code of practice covering the use of data in campaigns and elections. It will simplify the rules and give certainty and assurance about using personal data as a legitimate tool in campaigns and elections.

Source: Blog: Information Commissioner’s report brings the ICO’s investigation into the use of data analytics in political campaigns up to date | ICO

Data Breaches Compromised 4.5 Billion Records in First Half of 2018

Gemalto released the latest findings of the Breach Level Index, a global database of public data breaches, revealing 945 data breaches led to 4.5 billion data records being compromised worldwide in the first half of 2018. Compared to the same period in 2017, the number of lost, stolen or compromised records increased by a staggering 133 percent, though the total number of breaches slightly decreased over the same period, signaling an increase in the severity of each incident.

A total of six social media breaches, including the Cambridge Analytica-Facebook incident, accounted for over 56 percent of total records compromised. Of the 945 data breaches, 189 (20 percent of all breaches) had an unknown or unaccounted number of compromised data records.

Source: Data Breaches Compromised 4.5 Billion Records in First Half of 2018*

Will Google+ be the final push US Congress needs to pass restrictions on data use?

Congress held a hearing a few weeks ago in response to news that Google kept secret a flaw that exposed almost 500,000 users’private user data on its Google+ platform. Though there is no evidence that data was actually used, and data breach laws as written today do not kick in until there is an actual “breach” involving an unauthorized acquisition of the data.

However, Google deliberately hid the problem from the public in order to avoid the type of bad publicity Facebook was getting from its Cambridge Analytica data breach. U.S. Senators at the hearing appeared to be troubled both by the legal loophole protecting Google from disclosure and with Google’s calculated decision to keep secrets.

Source: Will Google+ be the final push Congress needs to pass restrictions on data use? – MarTech Today

British Airways: data breach waters muddied

A recent statement issued by British Airways calls into question whether the data breach reported by the company last month will be considered a ‘personal data breach’ under the General Data Protection Regulation (GDPR), despite the company admitting that the breach involved personal data and took place after the GDPR took effect.

Source: British Airways: data breach waters muddied

‘Stalkerware’ Website Let Anyone Intercept Texts of Tens of Thousands of People

A hacker exposes the awful security of two companies that sell spyware for consumers. By simply viewing the HTML of a particular website, anyone could log in and rummage through Facebook messages, texts, and phone call data.

Source: ‘Stalkerware’ Website Let Anyone Intercept Texts of Tens of Thousands of People – Motherboard

CNIL Publishes Statistical Review of Data Breaches Since GDPR

Recently, the French Data Protection Authority (the “CNIL”) published a statistical review of personal data breaches during the first four months of the EU General Data Protection Regulation’s (“GDPR”) entry into application.

Between May 25 and October 1, 2018, the CNIL received 742 notifications of personal data breaches that affected 33,727,384 individuals located in France or elsewhere. Of those, 695 notifications were related to confidentiality breaches.

Source: CNIL Publishes Statistical Review of Data Breaches Since Entry into Application of GDPR

Lloyd v Google – putting the brakes on English data breach litigation?

A judgment handed down today by the English High Court will be welcomed by UK data controllers. Lloyd v Google [2018] EWHC 2599 represents a corollary to recent case law expanding the circumstances in which litigation may be brought in relation to breaches of data protection legislation.

Full article: Lloyd v Google – putting the brakes on English data breach litigation?

Vicarious liability in the data breach context – bad news for UK employers?

The Court of Appeal has upheld a decision of the High Court holding that an employer can be vicariously liable for data breaches caused by the actions of an employee, even where the employee’s actions were specifically intended to harm the employer.

Full article: Vicarious liability in the data breach context – bad news for UK employers?

Amazon fires employee for allegedly sharing customer email addresses

An Amazon employee was fired after sharing customers’ email addresses with an unnamed third-party seller, in violation of company policies. Amazon said only email addresses were taken by the employee, not any other customer information. The company has already started emailing affected customers about the incident.

A third-party seller is a merchant that sells on Amazon’s website, though the company declined to provide additional information about this seller. It said the seller has been blocked from Amazon.

Source: Amazon fires employee for allegedly sharing customer email addresses – CNET

Data breaches impacts share prices

Data has been dubbed the “new oil” by many market commentators, who describe how it has become the world’s most valuable commodity, powering the technology economy in the same way petroleum fuelled 20th century industry. But, as investors are finding, scandals caused by data leaks can be just as damaging to tech behemoths as oil spills are to supermajors.

Full article: Data privacy: Tech’s ‘dark underbelly’ bugs responsible investors | Financial Times

>